Attacks with Virtualization

Virtualization makes the provision and movement virtual machines faster in enterprises today. But the companies should make sure that they have implemented proper security control for the Virtual Machines (VM) and adhere to the compliance requirements and policies of the company. Advances in virtualization technology has also led to new methods to attack and penetrate into the networks of companies. Simple pictorial representation of the different layers in virtual environment and some of the attacks in those layers is given below.

Most common among the type of attacks on virtual environments is Hyper-Jacking. In this type of attack, the hypervisor itself is attacked and used by the attacker for harmful purposes.
Next type of attack is VM escape. This type of attack can cause serious threat to VM security. Here the attacker's code breaks OS of the VM and interacts directly with the hypervisor. With this type of attack they can discover other VM's and eventually take over entire virtual environment.
VM poaching is similar to Denial of  Service attack. The aim for the attacker is to overload the hypervisor, drain all its resources and make eventually make it non functional.

To gain maximum benefit of virtual environments, they should be monitored and managed well. Ensuring  virtual machine software patched, Installing only the resource-sharing features that are really needed and minimizing software installations to a minimum are some the steps the VM administrators can follow to keep it safe from attacks.

Save this article